def who_has_permission_to(self, perm): try: content_type = get_content_type_for_model(self) id = self.id users = [] #object = content_type.get_object_for_this_type(id=id) perm = Action.get_by_name(perm.upper()) adminPerm = Action.get_by_name("ALL") for u in Permission.objects.filter(content_type=content_type, negative=False, object_id=id): if perm in u.get_valid_actions(): if u.user and u.user not in users: users.append(u.user) if u.group: for user in u.group.members.all(): if user and user not in users: users.append(user) if adminPerm in u.get_valid_actions(): if u.user and u.user not in users: users.append(u.user) if u.group: for user in u.group.members.all(): if user and user not in users: users.append(user) return users except Exception, e: return []
def has_permission_to (self, action_str, object, id=None, any=False): if isinstance(object, str): raise Exception( 'Argument 2 in user.has_permission_to was a string; The proper syntax is has_permission_to(action, object)!') content_type = get_content_type_for_model(object) object_id = 0 if not isclass(object): object_id = object.id action = Action.get_by_name(action_str) allAction = Action.get_by_name('ALL') #Checks if the group is permitted perms = Permission.objects.filter(content_type=content_type, object_id=object_id, group=self, negative=False, ) for perm in perms: if action in perm.get_valid_actions(): return True if allAction in perm.get_valid_actions(): return True if self.parent: return self.parent.has_permission_to(action, object, id=id, any=any) return False
def __init__(self, object, *args, **kwargs): object_id = object.id content_type = get_content_type_for_model(object) # If there is no instance, make a fake one! if not "instance" in kwargs: kwargs["instance"] = Comment(object_id=object_id, content_type=content_type) super(CommentForm, self).__init__(*args, **kwargs)
def __init__(self, object, *args, **kwargs): object_id = object.id content_type = get_content_type_for_model(object) # If there is no instance, make a fake one! if not 'instance' in kwargs: kwargs['instance'] = Comment(object_id=object_id, content_type=content_type) super(CommentForm, self).__init__(*args, **kwargs)
def history(request, id): instance = get_object_or_404(Order, id=id, deleted=False) history = Log.objects.filter(content_type=get_content_type_for_model(instance), object_id=instance.id) return render(request, 'orders/log.html', {'title': _("Latest events"), 'order': instance, 'logs': history[::-1][0:150]})
def save(self, *args, **kwargs): if not Core.current_user(): super(PersistentModel, self).save() return action = "EDIT" if not self.id: action = "ADD" self.date_created = datetime.now() self.creator = Core.current_user() self.company = Core.current_user().get_company() self.editor = Core.current_user() self.date_edited = datetime.now() changes = createTuple(self) super(PersistentModel, self).save() #GRANT PERMISSIONS if action == "ADD": Core.current_user().grant_role("Admin", self) admin_group = Core.current_user().get_company_admingroup() allemployeesgroup = Core.current_user( ).get_company_allemployeesgroup() if 'no_admin_group_permissions' not in kwargs: if admin_group: admin_group.grant_role("Admin", self) if 'no_allemployee_group_permissions' not in kwargs: if allemployeesgroup: allemployeesgroup.grant_role("Member", self) if 'noLog' not in kwargs: log = Log( message=changes, object_id=self.id, content_type=get_content_type_for_model(self), action=action, ) log.save() if 'noNotification' not in kwargs: for us in self.who_has_permission_to('VIEW'): if us == Core.current_user(): continue Notification( recipient=us, log=log, ).save() Core.current_user().invalidate_permission_tree()
def history(request, id): instance = get_object_or_404(Order, id=id, deleted=False) history = Log.objects.filter( content_type=get_content_type_for_model(instance), object_id=instance.id) return render( request, 'orders/log.html', { 'title': _("Latest events"), 'order': instance, 'logs': history[::-1][0:150] })
def save(self, *args, **kwargs): if not Core.current_user(): super(PersistentModel, self).save() return action = "EDIT" if not self.id: action = "ADD" self.date_created = datetime.now() self.creator = Core.current_user() self.company = Core.current_user().get_company() self.editor = Core.current_user() self.date_edited = datetime.now() changes = createTuple(self) super(PersistentModel, self).save() #GRANT PERMISSIONS if action == "ADD": Core.current_user().grant_role("Admin", self) admin_group = Core.current_user().get_company_admingroup() allemployeesgroup = Core.current_user().get_company_allemployeesgroup() if 'no_admin_group_permissions' not in kwargs: if admin_group: admin_group.grant_role("Admin", self) if 'no_allemployee_group_permissions' not in kwargs: if allemployeesgroup: allemployeesgroup.grant_role("Member", self) if 'noLog' not in kwargs: log = Log(message=changes, object_id=self.id, content_type=get_content_type_for_model(self), action=action, ) log.save() if 'noNotification' not in kwargs: for us in self.who_has_permission_to('VIEW'): if us == Core.current_user(): continue Notification(recipient=us, log=log, ).save() Core.current_user().invalidate_permission_tree()
def grant_role(self, role, object): object_id = 0 if not isclass(object): object_id = object.id content_type = get_content_type_for_model(object) act = Role.get_by_name(role) perm = Permission(role=act, group=self, content_type=content_type, object_id=object_id) perm.save() self.invalidate_permission_tree_for_members()
def valid_permission(self, permissions, action, object, id=None, any=False): if isinstance(object, str): raise Exception( 'Argument 2 in user.has_permission_to was a string; The proper syntax is has_permission_to(action, object)!') if Core.current_user().id == 1 and settings.DEBUG == True: return True object_id = 0 if not isclass(object): object_id = object.id content_type = get_content_type_for_model(object) try: permissions[content_type.name][object_id] except Exception, e: pass
def grant_role(self, role, object): object_id = 0 if not isclass(object): object_id = object.id content_type = get_content_type_for_model(object) act = Role.get_by_name(role) perm = Permission( role=act, group=self, content_type=content_type, object_id=object_id ) perm.save() self.invalidate_permission_tree_for_members()
def grant_permissions (self, actions, object, **kwargs): from_date = None to_date = None negative = False #Set time limits, if set in func-call if 'from_date' in kwargs: from_date = kwargs['from_date'] if 'to_date' in kwargs: to_date = kwargs['to_date'] #Set negative to negative value in kwargs if 'negative' in kwargs: negative = True #Make it possible to set permissions for classes object_id = 0 if not isclass(object): object_id = object.id #Get info about the object content_type = get_content_type_for_model(object) perm = Permission( group=self, content_type=content_type, object_id=object_id, from_date=from_date, to_date=to_date, negative=negative, ) perm.save() for p in Action.get_list_by_names(actions): perm.actions.add(p) perm.save() self.invalidate_permission_tree_for_members()
def grant_permissions(self, actions, object, **kwargs): from_date = None to_date = None negative = False #Set time limits, if set in func-call if 'from_date' in kwargs: from_date = kwargs['from_date'] if 'to_date' in kwargs: to_date = kwargs['to_date'] #Set negative to negative value in kwargs if 'negative' in kwargs: negative = True #Make it possible to set permissions for classes object_id = 0 if not isclass(object): object_id = object.id #Get info about the object content_type = get_content_type_for_model(object) perm = Permission( group=self, content_type=content_type, object_id=object_id, from_date=from_date, to_date=to_date, negative=negative, ) perm.save() for p in Action.get_list_by_names(actions): perm.actions.add(p) perm.save() self.invalidate_permission_tree_for_members()
def grant_role(self, role, object): """ Make it possible to set permissions for classes """ object_id = 0 if not isclass(object): object_id = object.id content_type = get_content_type_for_model(object) act = Role.get_by_name(role) perm = Permission( role=act, user=self, content_type=content_type, object_id=object_id ) perm.save() self.invalidate_permission_tree()
def has_permission_to(self, action_str, object, id=None, any=False): if isinstance(object, str): raise Exception( 'Argument 2 in user.has_permission_to was a string; The proper syntax is has_permission_to(action, object)!' ) content_type = get_content_type_for_model(object) object_id = 0 if not isclass(object): object_id = object.id action = Action.get_by_name(action_str) allAction = Action.get_by_name('ALL') #Checks if the group is permitted perms = Permission.objects.filter( content_type=content_type, object_id=object_id, group=self, negative=False, ) for perm in perms: if action in perm.get_valid_actions(): return True if allAction in perm.get_valid_actions(): return True if self.parent: return self.parent.has_permission_to(action, object, id=id, any=any) return False